The Pradeo Lab identifies another app with Joker malware on Google Play

Posted by The Pradeo Lab on October 22, 2019

Update: The app “Int App Lock” has now been deleted from Google Play and added to global antivirus databases.


Joker is malware that silently exfiltrates data and subscribes users to unwanted premium subscriptions. In September, the malware was found in 24 apps on Google Play. Last week, Pradeo researchers identified another infected application still featured on Google Play. The app, called Int App Lock, a tool intended to lock access to some data with a PIN code, was installed on 10,000+ devices. Users are advised to immediately delete it from their devices.


Fraud and data leakage

Int App Lock hosts a malware called Joker, a malicious bot whose main activity is to simulate clicks and intercept SMS messages in order to subscribe users to paid premium services without their knowledge. By using as little code as possible and thoroughly hiding it, Joker leaves a very discreet footprint that can be tricky to detect.

In addition to that fraud program, Int App Lock also accesses the contact list and device information and exfiltrates them to 11 external servers, including some highly suspicious ones based in Turkey and Israel.

App details

  • Name: Int App Lock
  • Package: com.int.app.locker
  • Version: 1.0.2
  • Rated 1.5/5 on Google Play
  • 10,000+ installs

 

For more information, write to romain.chassere@pradeo.com.

 

Topics: Security Alert, Mobile Application Security